How to do it..

1. First, let us generate a self-signed certificate using OpenSSL, in the /data directory:

openssl req -x509 -newkey rsa:4096 -nodes -keyout mongo-secure.key -out mongo-secure.crt -days 365

1. Combine the key and certificate into a single .pem file:

cat mongo-secure.key mongo-secure.crt > mongo-secure.pem

1. Start the mongod daemon, with SSL enabled and listening on the default socket that is, localhost 27017:

mongod  --dbpath /data/db  --sslMode requireSSL --sslPEMKeyFile /data/mongo-secure.pem

1. In another window, connect to this server using a mongo client:

mongo localhost:27017

1. You should see a connect failed error on the client Terminal. Switch to the server's console window and you should see a log message indicating that the connection was rejected, something like this:

2017-05-13T16:51:08.031+0000 I NETWORK  [thread1] connection accepted from 192.168.200.200:43441 #4 (1 connection now open)
2017-05-13T16:51:08.032+0000 I -        [conn4] AssertionException handling request, closing client connection: 17189 The server is configured to only allow SSL connections
2017-05-13T16:51:08.032+0000 I -        [conn4] end connection 192.168.200.200:43441 (1 connection now open)

1. Now, switch back to the other console window and connect to the server again but this time using SSL:

mongo --ssl --sslAllowInvalidCertificates

1. You should be connected to the server and see the mongo shell.